This session is intended for Drupalers who want to avoid security loopholes while writing code or architecting solutions. We will delve into common security issues that ail custom code and illustrate them with practical examples of both vulnerable and secure code snippets. The session will mostly be about my encounters and experience after doing 500+ project application reviews, and it could also serve as a good guideline for new contributors.
Some of the things we will discuss in the session, with a live example of each:
- SQL Injection
- Cross-Site Scripting (XSS)
- Access control over your menu entries using permissions (menu access bypass)
- Node access bypass
- Correct use of drupal_goto, since incorrect use leads to a vulnerability
- Common Security Strategies
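As an added illustration of the topics listed above (this is example code written for this page, not material from the session or from Drupal core), the hypothetical Drupal 7 module `secdemo` below places the vulnerable form of each pattern next to its secure form: string-built versus placeholder-bound queries, unescaped versus escaped output, a menu entry with no permission check versus one tied to a permission, a node page whose access is checked by the menu system, and a redirect that accepts any target versus one restricted to internal paths. The Drupal 7 API (`db_query`, `t`, `check_plain`, `node_access`, `url_is_external`, `drupal_valid_path`, `drupal_goto`) is assumed; the module name, paths and function names are made up.

```php
<?php
/**
 * Added example module "secdemo" (hypothetical, not from the session).
 * Assumes the Drupal 7 API throughout.
 */

/**
 * Implements hook_menu().
 */
function secdemo_menu() {
  $items = array();

  // Menu access bypass: 'access callback' => TRUE lets every visitor,
  // including anonymous users, reach an administrative page.
  $items['admin/secdemo/insecure'] = array(
    'title' => 'Insecure admin page',
    'page callback' => 'secdemo_admin_page',
    'access callback' => TRUE,
  );

  // Secure: bind the entry to a permission; the menu system enforces it.
  $items['admin/secdemo/secure'] = array(
    'title' => 'Secure admin page',
    'page callback' => 'secdemo_admin_page',
    'access arguments' => array('administer site configuration'),
  );

  // Node access: %node auto-loads the node, and the menu system runs
  // node_access('view', $node) before the page callback executes, so
  // per-node grants and hook_node_access() are honoured.
  $items['secdemo/node/%node'] = array(
    'title' => 'Node preview',
    'page callback' => 'secdemo_node_page',
    'page arguments' => array(2),
    'access callback' => 'node_access',
    'access arguments' => array('view', 2),
  );

  return $items;
}

function secdemo_admin_page() {
  return t('Only users holding the permission should see this.');
}

function secdemo_node_page($node) {
  // Access has already been verified by the menu system at this point.
  return node_view($node);
}

/**
 * SQL injection: request input must never become part of the SQL text.
 */
function secdemo_find_by_title_insecure($title) {
  // VULNERABLE: $title is concatenated straight into the query.
  return db_query("SELECT nid FROM {node} WHERE title = '" . $title . "'")->fetchCol();
}

function secdemo_find_by_title_secure($title) {
  // Secure: the placeholder is bound by the database layer.
  return db_query('SELECT nid FROM {node} WHERE title = :title',
    array(':title' => $title))->fetchCol();
}

/**
 * Cross-site scripting: escape user-supplied text before it enters HTML.
 */
function secdemo_greeting_insecure($name) {
  // VULNERABLE: any markup inside $name is rendered as-is.
  return '<p>Hello ' . $name . '</p>';
}

function secdemo_greeting_secure($name) {
  // Secure: an @-placeholder in t() runs check_plain() on the value.
  return '<p>' . t('Hello @name', array('@name' => $name)) . '</p>';
}

/**
 * drupal_goto(): redirecting to an unchecked target is an open redirect.
 */
function secdemo_redirect_insecure() {
  // VULNERABLE: whatever arrives in ?return= becomes the redirect target.
  drupal_goto($_GET['return']);
}

function secdemo_redirect_secure() {
  $target = isset($_GET['return']) ? $_GET['return'] : '<front>';
  // Secure: external URLs and unknown paths fall back to the front page.
  if (url_is_external($target) || !drupal_valid_path($target)) {
    $target = '<front>';
  }
  drupal_goto($target);
}
```

The secure variants all follow the same rule: let the framework do the escaping, binding and access checking rather than doing it by hand in the page callback. In particular, the `%node` wildcard plus `'access callback' => 'node_access'` means the page callback never has to remember to call `node_access()` itself, which is where bypasses in custom code usually originate.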